Redirect with connect-flash message when trying to access route when not logged in
I would like to redirect to the login page with an error message when someone tries to access my admin page without authenticating, i.e. when someone tries to bypass the login page.
This is my admin endpoint:
    server.get('/admin', isLoggedIn, function (req, res) {
        console.log('Trying to access admin section')
        res.render('admin', {
            user: req.user //get the user out of session and pass to template
        })
    });
which contains the following isLoggedIn middleware:
    function isLoggedIn(req, res, next) {
        if (req.isAuthenticated())
            return next();
        console.log('Someone is trying to access this page without being authenticated')
        req.flash('loginMessage', 'You need to be authenticated to access this page');
        console.log(req.flash('loginMessage'))
        res.redirect('/login')
    }
the login access point is defined as the following:
    server.get('/login', function (req, res) {
        console.log('Using login route');
        res.render('login',
            {message: req.flash('loginMessage')}
        );
    });
My problem is, when someone tries to access the admin page directly, the flash message doesn't show up.
However when trying to login with fake credentials, the error messages do show up in the login page.
For information, this is how my post login route is set up:
    server.post('/login', passport.authenticate('local-login', {
        successRedirect:'/admin', // redirect to the secure profile section
        failureRedirect:'/login', //redirect back to the login page if there is an error
        failureFlash: true //allow Flash messages
    }));
And I get the following messages in the terminal:
    Someone is trying to access this page without being authenticated
    [ 'You need to be authenticated to access this page' ]
    GET /admin 302 8.859 ms - 68
    Using login route
    GET /login 200 79.373 ms - 1930
node.js express passport.js connect-flash
edited Apr 14 '17 at 8:33
Keith
asked Jun 5 '15 at 3:08
Bondifrench
Right now, can a user who is not authenticated access the admin page?
– limekin
Jun 5 '15 at 4:07
No, a user not authenticated can not access the admin page. My problem is not with the authentication, it's with passing a connect-flash message to my redirect.
– Bondifrench
Jun 5 '15 at 4:31
Are you able to display flashes by using other simple routes? For example, set a flash at '/setflash', redirect it to '/flash' and view it there.
– limekin
Jun 5 '15 at 7:59
Not sure I understand your comment. When I put a wrong password in the login page or I log in with a user name that is not already in the db (i.e. registered), I do have the correct flash messages being displayed; same, for instance, if I am on the register page and I use an already used login, flash messages are being displayed.
– Bondifrench
Jun 5 '15 at 8:36
Okay, I just wanted to know if you have set up flash properly, since there weren't any other places where you are using it in the code (except passport's; I thought it had a different flash, but I was wrong when I checked it).
– limekin
Jun 5 '15 at 8:53
2 Answers
accepted
In connect-flash, when you are retrieving the flash messages set on a key with req.flash(<key>), it copies the messages of the <key> to a temp array, DELETES the messages for that <key> from connect-flash's internal flash message store and then returns that temp array.
So the flash('loginMessage') returns empty at route '/login', because you have previously retrieved it at isLoggedIn's console.log(req.flash('loginMessage')).
I found it when I checked the sources of connect-flash. It's here: flash.js of connect flash. The examples in there should give you the idea quickly.
answered Jun 6 '15 at 11:47
limekin
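The read-once behaviour described in the answer above, as an added example that is not part of the original post and is not connect-flash's own code. It replays GET /admin followed by GET /login against one shared session, first with the logging call from the question and then with a log that peeks at the session store without consuming the message. Assumptions: `attachFlash` is a simplified stand-in for `req.flash()`, and `simulate`, `isLoggedInBuggy`, `isLoggedInFixed` and the stub `req`/`res` objects are hypothetical names constructed for the demonstration.

```javascript
'use strict';

const MSG = 'You need to be authenticated to access this page';

// Simplified stand-in for connect-flash's req.flash(), modelled on the
// behaviour described in the answer (not the library's code): messages live
// in the session, and a read by key returns them AND deletes them.
function attachFlash(req) {
  req.flash = function (key, msg) {
    const store = (req.session.flash = req.session.flash || {});
    if (msg !== undefined) {
      store[key] = (store[key] || []).concat(msg); // accepts a string or an array
      return store[key].length;
    }
    const msgs = store[key] || [];
    delete store[key]; // destructive read: a second read returns []
    return msgs;
  };
}

// Guard from the question: the debugging console.log consumes the message.
function isLoggedInBuggy(req, res, next) {
  if (req.isAuthenticated()) return next();
  req.flash('loginMessage', MSG);
  console.log(req.flash('loginMessage'));
  res.redirect('/login');
}

// Same guard, but the log peeks at the session store instead of calling
// req.flash(key), so the message survives until /login renders it.
function isLoggedInFixed(req, res, next) {
  if (req.isAuthenticated()) return next();
  req.flash('loginMessage', MSG);
  console.log((req.session.flash || {}).loginMessage);
  res.redirect('/login');
}

// GET /login handler from the question: the one intended read.
function loginRoute(req, res) {
  res.render('login', { message: req.flash('loginMessage') });
}

// Replays GET /admin followed by GET /login for an unauthenticated client.
// The session object is shared by both requests, as a session cookie would.
function simulate(guard) {
  const session = {};
  const result = { reachedAdmin: false, redirectedTo: null, message: null };
  const makeReq = () => {
    const req = { session, isAuthenticated: () => false };
    attachFlash(req);
    return req;
  };
  const res = {
    redirect: (url) => { result.redirectedTo = url; },
    render: (view, locals) => { result.message = locals.message; },
  };
  guard(makeReq(), res, () => { result.reachedAdmin = true; });
  if (result.redirectedTo === '/login') loginRoute(makeReq(), res);
  return result;
}

console.log('buggy:', simulate(isLoggedInBuggy));
console.log('fixed:', simulate(isLoggedInFixed));
```

In both variants the unauthenticated request is redirected and never reaches the admin handler; only the delivery of the message to the login view differs.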
In case anyone is coming to this and the selected answer doesn't work, consider trying the following. I've had the same issue but wasn't "consuming" the key at any stage using console.log etc.
The problematic version of the code was as follows. I called these instructions in a POST route:

    req.flash('errorMessage', errors.array().map(err => err.msg););
    res.redirect('/profile');

Where the GET route for 'profile' renders an EJS template with errorMessage: req.flash('errorMessage') among its inputs.
What worked for me was assigning my error messages (errors.array().map(err => err.msg)) to a variable and passing that variable to connect-flash, like so:

    var errMsgs = errors.array().map(err => err.msg);
    req.flash('errorMessage', errMsgs);
    res.redirect('/profile');

Hope this helps.
answered Nov 9 at 17:29
GroomedGorilla